npm install: Verfication failed while extracting

Question

READ BEFORE ANSWER: I've already solved this issue. It was a caching issue on the npm servers. Everything works fine after switching to GitHub packages. I've already accepted my own answer.

I have a project, which I want to deploy to elastic beanstalk but sometimes the deploy fails on the npm install script with the following message:

npm ERR! code EINTEGRITY
npm ERR! Verification failed while extracting @my-package@^1.2.0:
npm ERR! Verification failed while extracting @my-package@^1.2.0:
npm ERR! sha512-lQ...HA== integrity checksum failed when using sha512: wanted sha512-lQ...HA== but got sha512-nH...ow==. (4835509 bytes)

It fails even on packages which are severel weeks old.

I’ve tried:

npm cache clean --force
npm cache verify
node_modules is in .npmignore
package-lock.json is in .npmignore
Writing a mail to support@npmjs.com, but they replying always with some helpless default replies without any solution or intention to help.

It fails even on new elastic beanstalk instances.

I have no idea how to solve this problem.

EDIT: I've also tried to delete the npm cache while preinstall script, but it doesn't work either.

EDIT2: My repo has no package-lock.json.

EDIT3: My .npmrc file has the following content

      //registry.npmjs.org/:_authToken=${NPM_TOKEN}
      unsafe-perm=true
      package-lock=false
      strict-ssl=false

EDIT4: I think it wasn't clear: It's a private package on the official npm registry. And it doesn't fail always. The current publish process includes several attempts to deploy on aws instance so long as it's succeed.

score 19 · Answer 1 · answered Nov 21 '19 at 03:25

19

Have u try to delete package-lock.json?

OR

Try to delete npm and npm-cache folders

THEN

re-run npm install

answered Nov 21 '19 at 03:25

Trisno Raynaldy

427
3
11

Thanks buddy! That has helped me a lot. – ŁukaszBachman Jan 26 '21 at 06:41

score 7 · Answer 2 · answered May 29 '20 at 00:53

Not exactly your case, but for those who run into the "integrity checksum failed" error the following might help. But first make sure you understand what's going on. npm tells you that the checksum from https://registry.npm.org doesn't match the one from package-lock.json. Either it changed in the registry, or...

Consider a line from the output:

npm ERR!
  sha512-lQ...HA==
integrity checksum failed when using sha512: wanted
  sha512-lQ...HA==
but got
  sha512-nH...ow==
. (4835509 bytes)

Find the package in package-lock.json by the first two integrity checksums (sha512-lQ...HA==), and put the third one (sha512-nH...ow==) into its "integrity" field.

More on it here.

Vincent Hoch-Drei · Accepted Answer · 2020-01-28T15:11:01.663

4

It seems to be a caching issue at the npm servers. We've switched from npm to GitHub packages, everything works fine there.

edited Jan 28 '20 at 15:11

answered Jan 08 '20 at 16:28

Vincent Hoch-Drei

603
2
7
21

score 0 · Answer 4 · answered Nov 15 '19 at 11:58

0

It could be that the version of NPM on these instances are out of date. Could you try either: npm install -g npm

Have you made sure that when this is deployed to beanstalk that the package-lock file is not on the instance? - If you have a bad lock file it needs to be deleted and re-generated.

Short of that, would need more information as you seem to have exhausted a lot of options.

answered Nov 15 '19 at 11:58

razki

1,171
2
8
16

It's not possible to run npm commands on elastic beanstalk (or update its version). The version is defines in settings and I have selected the latest possible version which AWS provides (6.9.0). However, it even fails sometimes on my local machine which has the latest version 6.13.0. And not, there's no package-lock.json anywhere. – Vincent Hoch-Drei Nov 15 '19 at 12:06
I see. Is the package an internal one? Or is it coming from the NPM registry? - Could be a networking issue. Quite hard to give you an accurate answer without your EB config file present – razki Nov 15 '19 at 12:22
It's happening on private packages but they are all stored in the default npm registry. So it couldn't be a networking error. What do you need from my EB settings? But I don't think it's an EB specific error. – Vincent Hoch-Drei Nov 15 '19 at 13:53

score 0 · Answer 5 · answered Nov 18 '19 at 17:16

0

This can happen if you request a version that is not available on the registry.

With @my-package@^1.2.0 you're requesting a version between >=1.2.0 and <2.0.0. Could it be that on this registry there is only a version that is older than 1.2.0 or newer than 2.0.0? Npm will install whatever it gets and not raise an error here.

You can check the version you get in an npm install by looking into node_modules/my-package/package.json.

If this is not happening when doing a local npm install, check wether the npm registry Amazon uses is containing your my-package package.

You could try to add the official npm registry to your Beanstalk project to check if it was the Amazon npm registry that did not contain your package. See How to use a private npm registry on Elastic Beanstalk? how to do this.

answered Nov 18 '19 at 17:16

mles

4,534
10
54
94

My modules are published on the official npm registry. Take a look at `EDIT3` in the main post. – Vincent Hoch-Drei Nov 20 '19 at 11:01
What's the name of your npm package? Can you share which version you are requesting in your package.json? – mles Nov 20 '19 at 15:21
I can't tell you the name of the package because it's private. Even if I use the exact version it's failing. – Vincent Hoch-Drei Nov 21 '19 at 11:51
Aha so a private package. Are you deploying your credentials in the .npmrc file to elastic beanstalk too? – mles Nov 21 '19 at 13:08
Yes, I do. I added this in my original post. – Vincent Hoch-Drei Nov 21 '19 at 14:29

score 0 · Answer 6 · answered Nov 20 '19 at 10:30

0

It seems to be a package-lock.json issue. As in this answer

If you have not pushed package-lock.json in your repo, it will be generated while running npm install. So it is always better to add package-lock.json in the repo to avoid inconsistent package-lock.json files across local machine and deployment machine.

Could you please try pushing a fresh package-lock.json file to the repo and try?

answered Nov 20 '19 at 10:30

Sreeragh A R

2,871
3
27
54

1

That's not a good idea because I am using my project as a lerna mono repo. Even if I would enable the creation of a package-lock.json file locally it wouldn't contain the relevent npm modules that are failing. And the creation of this file is deactivated everywhere, even on the production server. – Vincent Hoch-Drei Nov 20 '19 at 10:53

score 0 · Answer 7 · answered Feb 09 '21 at 13:51

In my case, as razki alludes to, the version of npm/node on the build server differed significantly from the version on the developer's local computer. Updating to a close enough version got rid of this problem.
For example:
The build server had: npm/6.13.4 node/v12.14.1
The developer has: npm/6.14.8 node/v14.15.1.
The build server now: npm/6.14.10 node/v14.15.4

It seems the different versions calculate the sha differently for the same package. This is why removing the package-lock.json file can work in this particular situation - at least for a while, until the computer with the different version tries to build the project again.

score -1 · Answer 8 · answered Jan 26 '21 at 09:38

Basically its concern about npm registery, Some home npm registery has been updated to another url.

You can run below command to see npm registery

npm config get registry

It should be set it

https://registry.npmjs.org/

If its not then run below command

npm config set registry https://registry.npmjs.org/

It will set npm registery. Now you can try again for

npm i

and it will install package successfully.

npm install: Verfication failed while extracting

8 Answers8